Solved

Socks 4, 5 - Wingate Proxy

Posted on 2004-10-07
Last Modified: 2012-06-21
This sucks :(

Got a call from my T1 provider today and it seems that my server (Win 2003 Enterprise) has been hacked...  Ports 23 & 1080 are showing Socks 4 & 5 and Wingate Proxy vulnerabilities, and my SPAM abuse rating is at 4.5 per senderbase.org.  I am not purposefully running a proxy server, I am running the basic firewall in Routing and Remote Access, and only have a few ports open of which 25 & 1080 are not open in RaRAS.

This server is in a multiple occupancy building where everyone shares the same T1 and just uses different local IPs (e.g. 192.168.20.x, 192.168.30.x, etc.).  So I am assuming that the hack came from one of the other IP blocks via the internet because I am using Group Policy to lock up what functions I don't want the user to have.

So...  now that you guys have the background, what should I do?  I have a Sonicwall Pro 200 I can put in place, but would rather use a software solution as I am not a fan of hardware firewalls.  They are cumbersome and hard to maintain from remote.  Also I need to protect the inside of the LAN from the other IP ranges.  I am considering MS ISA Server, but would rather get the opinion of you guys first...  Thanks :)
Question by:mikemaner
10 Comments
 
LVL 15

Expert Comment

by:plimpias
ID: 12255499
OK... this question you have is subjective. From my opinions... keep in mind I used to love ISA, because of packet filtering and how you can specify things down to the packet level. But think about the big picture. With ISA 2000 there were several exploits that made the firewall vulnerable... OK, what? A firewall vulnerable... what a joke. Second, how many patches did Microsoft come out with? 20 plus? And 2 service packs! Wow... lots of mistakes. Third, ISA takes way too much memory and processor speed from your computer. Fourth, to run ISA correctly Microsoft recommends using ISA with a dedicated computer (more money). OK, so you get the point. For 1400 bucks you can get yourself a nice little PIX firewall. If you want remote access, enable a telnet user name and password. Just set it and forget it: no maintenance, no downtime, just a nice little hardware firewall doing its thing. I really recommend a firewall solution. SonicWall is also a good firewall but it's not one of my top choices. I would go with a PIX Cisco firewall. Or a WatchGuard firewall. Then make other choices. Both PIX and WatchGuard can be remotely administered. With the situation that you have: first, update your server with all critical updates. Make sure all of them are installed. Go to GRC.com and run ShieldsUP to make sure you don't have extra ports open. Do a full system scan with antivirus and run fix tools if some are found and can't be fixed. GET a hardware firewall solution.

if you have any questions...let me know.
0
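Added example, not part of the thread: a server-side complement to the outside-in port check suggested above. It parses saved `netstat -ano` output and reports which PID owns the listeners on ports 23 and 1080 named in the question, and which remote peers are connected to them; the sample output, PIDs and addresses are constructed.

```python
# Added example: find what owns the listeners on the ports from the question.
SUSPECT_PORTS = {23: "telnet / WinGate", 1080: "SOCKS 4/5"}

# Constructed sample of `netstat -ano` output (PIDs and addresses are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1820
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1344
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       1820
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       612
  TCP    192.168.20.1:1080      203.0.113.7:4312       ESTABLISHED     1820
  TCP    192.168.20.1:3389      192.168.30.14:1466     ESTABLISHED     900
  UDP    0.0.0.0:445            *:*                                    4
"""

def tcp_rows(text):
    """Yield (local_addr, local_port, remote_addr, state, pid) per TCP row."""
    for line in text.splitlines():
        f = line.split()
        # TCP rows have exactly five columns; headers and UDP rows do not.
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            addr, _, port = f[1].rpartition(":")
            yield addr, int(port), f[2].rpartition(":")[0], f[3], int(f[4])

def exposed_listeners(text, suspect=SUSPECT_PORTS):
    """Listeners on suspect ports bound to a non-loopback address."""
    hits = []
    for addr, port, _, state, pid in tcp_rows(text):
        loopback = addr.startswith("127.") or addr == "[::1]"
        if state == "LISTENING" and port in suspect and not loopback:
            hits.append((port, addr, pid, suspect[port]))
    return sorted(hits)

def connected_peers(text, suspect=SUSPECT_PORTS):
    """Remote addresses currently connected to a suspect local port."""
    return sorted({remote for _, port, remote, state, _ in tcp_rows(text)
                   if state == "ESTABLISHED" and port in suspect})

if __name__ == "__main__":
    for port, addr, pid, label in exposed_listeners(SAMPLE_NETSTAT):
        print(f"port {port} ({label}) bound to {addr}, owned by PID {pid}")
    print("peers using those ports:", connected_peers(SAMPLE_NETSTAT))
```

On the server, `netstat -ano > out.txt` produces the input, and `tasklist /svc /fi "PID eq <pid>"` names the process and services behind a reported PID.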
 

Author Comment

by:mikemaner
ID: 12262915
Well, I have 2 options at this point (a PIX Firewall won't work in this situation unfortunately)...  I can either set up ISA on the existing AD or I can set up a Linux box and run Squid.

I personally would rather run ISA, just because I have tried to stay in the Microsoft envelope on this job.  But I have no experience in setting it up and if my assumptions are correct, it's not an easy job to set up ISA on an existing DC, it wants to be on its own.  So, if there's any help out there on how to set up ISA I would be greatly in your debt :)
0
 
LVL 15

Expert Comment

by:plimpias
ID: 12264488
OH yeah not a problem. http://www.isaserver.org/ has awesome tutorials for this. You can find anything that has to do with ISA.
0
 

Author Comment

by:mikemaner
ID: 12264577
I have actually looked there, and unless I'm just pulling a stupid I haven't seen any step by step guides.
0
 
LVL 15

Expert Comment

by:plimpias
ID: 12264828
Yeah, you're pulling a stupid then. They have all the tutorials. Just need to search for what you are looking for.
0
 

Author Comment

by:mikemaner
ID: 12290435
DOH! I just can't figure out what I'm doing wrong here.  I can get it installed fine, but it won't connect to the AD, and DNS & RAS don't work either.  I know you're not technically supposed to do an ISA install on your primary DC, but it's really the only option I have...  Any ideas?
0
 
LVL 15

Expert Comment

by:plimpias
ID: 12293569
Are you using ISA 2004? Because that install is a little different than 2000.
0
 

Author Comment

by:mikemaner
ID: 12293656
Yep, using ISA 2004 on Windows Server 2003 Enterprise Edition, running DC, DHCP, RaRAS, DNS (Root Hints, no Forwarders).  Pretty standard install.
0
 
LVL 15

Accepted Solution

by:
plimpias earned 500 total points
ID: 12293865
Ahh... you have to add a policy to allow local host to your internal network. Allow always. And do the same with the internal network to the local host.
0
 

Author Comment

by:mikemaner
ID: 12303751
Could you elaborate on that a bit?  I'm a bit confused :)
0
